Future Pathway: Overcoming the Sustained
Challenges in Digital Forensic Investigation Process.

-------------------------------------------------------------------------------------

Joseph O. Esin
Professor
Department of Computer Science, University of Calabar, Nigeria
Lead Professor of Computer Information Systems/Cybersecurity
Jarvis Christian College, Hawkins, Texas USA


Preamble
Forensic investigation is an organic profession whose success depends
heavily on a continuous, vibrant, and deliberate effort to design new gadgets,
devices, and techniques of investigation. Criminals and law breakers are ready and
determined to circumvent the existing technologies in order to stay ahead of
detection and arrest in their self-generated craft. As a result, the proliferation and
use of electronic devices, encryption machines, protective tools, stationary and
mobile devices, and internet technologies is expanding at alarming rates. Today,
mobile devices, computers, and internet technologies are the nucleus of
communications, economic potentials, and continued human existence.
However, these devices are dynamic sources of grave concern against criminal
activities and cyber criminals who are out to disrupt, access, steal data and
information, and engage in unlawful activities that undermine personal, national,
and global security. Inter alia, the operative and active use of electronic devices
by digital forensic investigators is playing an important role in the prosecution of
criminals and the blocking of unauthorized access to data and information stored on
secured digital storage systems.

The use of computers, mobile devices, email logs, and internet technologies
in forensics investigations is a self-motivated measure set forth to recover the
much-needed digital records from immobile and mobile devices within
organizations to produce irrefutable, convincing, and up-front evidence to the
public and in court. Naturally, when a regular crime occurs, digital forensic
investigators and law enforcement officers are invited to conduct, examine,
analyze, and produce comprehensive and conclusive evidence gathered on the
crime scene for presentation in court. Despite the attempts by forensic investigators
to dissect and present reliable evidence to the public and the court, law offenders,
code-named criminals, are urbane and equipped with available diplomacies to
circumvent new activities to evade being detected and/or arrested and detained.

Framework of Digital Forensic Investigation


Forensic investigators’ approach to gathering evidence on the crime scene,
arresting, and prosecuting criminals is not a panacea to digital crimes. Indeed, the
digital domain provides an opportunity, a haven, for killers, pornographers, and sex
offenders to roam the streets and terrorize citizens of the peaceful community. The
zenith of forensic investigation is to recover data stored in victims’ and the
criminals’ wired and wireless systems, and email log activities which are
considered as integral parts of crime evidence in the court of law. As Shaaban
and Sapronov (2016) and Casey (2011) hinted, digital forensic investigation is an
enduring long-term investment and an unwavering measure to cripple criminals’
motives and intents to threaten the vulnerable innocent human community. These
investigators create innovative and projected measures to battle and eradicate
computer intruders and sex offenders’ intent to petrify innocent adults and
children. To overcome the impending challenges, the same combating procedures
must be stretched to apprehend and forestall crackers and hackers who attempt to
break into organizations’ web sites, launch DDoS attacks, secure access and
engage in cyber-stalking, cyberbullying, and child pornography schemes. As
Shaaban and Sapronov (2016) noted, forensic investigators often overlook the
standard evaluation criteria to identify security-related lapses on the crime scene
while searching for perpetrators, suspicious witnesses, and human intruders. The
society is highly in need of inclusive channels to champion the production and
collection of reliable, balanced, and dispassionate, decisive evidence to disengage
and discourage aggressive criminals, victims, witnesses, and attorneys from
lighthearted and off-balance dialogue in court.


By design, criminals do not want to be caught and exposed to the public, but
are willing to spend twenty-four hours, seven days per week on computers, wired
and wireless devices, and the internet to camouflage all-inclusive outlawed motives
and intents. Per Ashish (2015), criminals claim to understand the law, know right
and wrong, and are inclined to make a quick reference to the violation of their
Fourth Amendment rights to distract forensic investigators from performing their
duties as they search for evidence. Modern forensic investigators face sustained
challenges in the areas of unlimited access to wired and wireless communication
devices and internet technologies by criminals, culprits, sex offenders, child
pornographers, and disgruntled personnel. Unfortunately, these challenges are
growing exponentially leading to the snarled and unceasing threat to the security of
vulnerable innocent citizens across the globe. Criminals are cultured and stylish in
their ability to remotely destroy evidence on computers, wired and wireless
devices, secured network systems, and the acceleration of uncompromising modus
operandi to outperform forensic investigators and law enforcement officers
(Hayes, 2015; Shaaban & Sapronov, 2016).

Measures to Mitigate Challenges to Digital Forensic Investigation

Amid multiple and sophisticated challenges from the underworld of cyber
criminals, modern forensic investigators are actively using wireless electronic
devices to identify fraudulent activities and enforce compliance in the crime scene.
Unfortunately, these investigators continue to encounter almost insurmountable
handicaps among which are lapses in strategic planning and compliance measures
to monitor and protect digitally secured storage centers. These arrays of measures
to mitigate crime are undercut by the lack of stratagems of enforcement of
compliance against criminals who engage in an art of destabilization of innocent
communities.


To overcome the far-reaching challenges, modern forensic investigators
must step out of the narrow scope of operation and work diligently to decrease
mistakes and increase consistency and accuracy across the entire investigation
process. All-embracing attempts are a precondition to retain, store, and preserve
digital log files and records collected from the crime scene in a digitally encrypted
system, PDF, and on read-only media format (Hayes, 2015; Ashish, 2015;
Casey, 2018).


Per Ayers, Brothers & Jansen (2014), a balanced approach to overcoming
sustained challenges must include unbiased examination of records and the
adoption of equitable techniques to identify and extract data from the crime scene.
The slant also calls for a dispassionate approach to analyzing and using preceding
records and resources to produce nonpartisan evidence in the court. Traditional
forensic investigation of yesteryears was engrained with deficiencies and a
non-functional method of operation. According to Hayes (2015) and Ashish (2015),
the culture of modern forensic investigation will not escape similar challenges
without a comprehensive, independent, and unprejudiced process relative to
compiling, producing, reporting, and presenting reliable evidence in court.

To abate the disturbing rate of challenges in forensic investigation, restore
trust and confidence in the society and in the court system, the future pathway must
involve the eradication of redundant indecorum and the sloppy method of
operation on the crime scene. The old-fashioned traditional or lay process must be
abolished in favor of the new methods and Best Practices that will redirect the
production of conclusive documents pregnant with transparency and authenticity.
Forensic investigation is an organic profession; hence, its success depends squarely
on unremitting, vibrant, well-adjusted, and unbiased effort to design new methods
and techniques of operation. However, it is always in the interest of criminals to
persistently try to overpower and outsmart investigators by circumventing the
investigative system in order to stay ahead of being detected, captured, and brought
to justice.


As Ayers, Brothers & Jansen (2014) hinted, the world of criminal
investigation must engage in a deliberate attempt to stay relevant and abreast
of the technicalities and logistics of communications devices. According to
these researchers, the National Institute of Standards and Technology (NIST),
Samsung, smartphone, Nokia, Huawei, and Apple, the standard communication devices
today, must constantly be monitored and upgraded with modern technological
developments at a faster rate to withstand the challenges and rigors of digital
forensic investigations. These operations must be a step ahead of criminal
operations and be able to use the entrenched development to detect and apprehend
digital criminals. The National Institute of Standards and Technology (NIST)
operative must concentrate its energy on its ability to gather reliable and
dependable manual and digital records from wired and mobile devices in all major
operations (Zoltanszabodfw, 2018).

Similarly, the NIST often uses mobile devices to provide a forum to gather
and compile data and information during forensic investigation. The system
strongly requires enduring professional and rigorous training for forensic
investigators to enhance effective operation that will produce authentic, reliable,
and acceptable conclusive evidence in court. Until recently, mobile devices, email
logs and files, and the internet were isolated objects and domains in all facets of
forensic investigation. Such a myopic approach often ignored digital evidence
stored in the hard disk, flash drive, emails, and related locations and
resources. Modern-day forensic investigators must come up with proactive
methods for acquiring adequate knowledge, skills, and understanding of how to use
most operating systems (OS), network operating systems (NOS), Linux, Unix,
Apple OS, vertical and application software, and more (Hayes, 2015; Shaaban &
Sapronov, 2016). The thriving future pathway for forensic investigators is to
acquire knowledge and expertise, and to stay abreast of the evolutions in
network protocols including transmission control protocol (TCP) and internet protocol
(IP). Furthermore, they should be experts in adopting these tools in order to
identify file server logs and monitor incoming and outgoing traffic on wired and
wireless secured network systems to detect and deduce victims and criminal
activities.


According to Zoltanszabodfw (2018) and Shaaban and Sapronov (2016),
the norms of modern forensic investigations call for the acknowledgement and
adoption of these three phases of challenges: the combative, preemptive, and
proactive. The Combative phase involves previously committed crimes such as
murder, robbery, and burglary. This phase includes collecting evidence, locating,
and interviewing witnesses, and identifying and arresting the suspects. The
Preemptive phase is a response to projected criminal activity, pilfering,
misappropriation, corruption, and forestalling and apprehending agents of
organized criminal activities. The Proactive phase is a persistent phase which
calls for the investigators’ willingness to endure environmental pressure, being
observant, and monitoring would-be suspects’ attempts to escape from the crime
scene, paying attention to descriptions of offenders, color of the vehicles and
license plates of criminals attempting to escape from the crime scene, and notifying
the dispatcher for a backup unit to assist at the crime scene.

Forensic Investigation Professional Training


As indicated by Shaaban and Sapronov (2016) and Ayers, Brothers and
Jansen (2014), most organizations are forced to cut cost and reorganize the
workforce due to unforeseen financial and economic situations that necessitate the
implementation of the furlough policies. In the interim, most employees who have
been with organizations for a decade are unlikely and unwilling to accept such
reorganization policies even in the face of abrupt emergencies such as the
COVID-19 pandemic. As it is often expressed, capable disgruntled personnel who are
negatively affected by layoff and furlough policies, especially those who were first
in line to pledge loyalty to the organization, often switch their loyalty and nourish
negative intents and motives of revenge. The evidence of negative motives and
intent is discerned in data breaches and in exposing the organization to danger. The
projected imminent challenges ahead of forensic investigators reside in the areas of
cloud technology, metadata, anti-forensics, encryption, social networking, Internet
of things, and wired and wireless network systems that must not be overlooked
and/or underrated.


Disgruntled Personnel Parochial Culture.
Per Pazzaglia, Flynn, and Sonpar (2012), the amicable approach to mitigate
disgruntled personnel’s assault and incursion tactics must include the
understanding, acceptance, and recognition of the two fundamental facts
adumbrated by two schools of thought. The first school of thought hinted that
“active personnel are the nucleus and life wire of a functional organization; hence,
it is a sad miscalculation, an unfortunate option to misjudge and ignore
personnel’s frame of mind.” The second school of thought, whose emphasis is on
the mindset of distrust bred by a negative and toxic working atmosphere, urges
“chief executive officers, administrators, managers, and supervisors to refrain from
the culture of secrecy.” In response, to sponsor well-matched future pathways for
forensic investigators, organizations are admonished to be willing and ready to get
rid of the culture of extreme secrecy and lack of transparency. Organizations
should be open to the culture of embracing mission-driven judgment calls to
prevent mid-level managers and supervisors’ engagement in the process.
Electronic crimes using digital domains are increasing, while criminals using
computers, mobile devices, and internet technologies are creating enormous and
unlimited challenges to circumvent and undercut detection. This is all at the
expense of unbiased attempts by forensic investigators and law enforcement officers
to keep organization and community criminals off the street.


Conclusion
Digital devices, including desktop and laptop computers, mobile phones,
tablets, gaming consoles, and smart phones, are indispensable cultural gadgets of
the modern society. The proliferation of these devices in everyday life is
entrenched with the tendency to amplify criminal activities such as fraud, drug
trafficking, homicide, hacking, forgery, pornography, and terrorism. The
propagation of criminals’ sustained use of electronic devices is almost a pandemic,
and the accelerating increase and dexterity of usage are placing forensic
investigators, law enforcement officers, and citizens at a disadvantage. The modern
digital forensic operative is continuously faced with challenges originating from
the lack of standardization and scheduled enduring professional education for
career forensic investigators. The National Institute of Standards and Technology
(NIST) has established and published guidelines for digital forensics investigation
professional training and certification programs to keep up with rapidly evolving
technologies in an attempt to outstep criminals who spend sleepless nights to
engage in circumventing detection and involvement in organized, sophisticated
criminal activities.


References
Ashish. (2015). Carving out the Difference between Computer Forensics and
E-Discovery. Retrieved from
http://articles.forensicfocus.com/2015/02/27/difference-between-computer-forensics-and-e-discovery/

Ayers, R., Brothers, S., & Jansen, W. (2014). Guidelines on Mobile Device
Forensics. Retrieved from
http://nvlpubs.nist.gov/nistpubs/SpecialPublication/NIST.SP.800-101r1.pdf

Casey, Eoghan. (2011). Digital Evidence and Computer Crime: Forensic Science,
Computers and The Internet. Elsevier Inc., Waltham: MA.

Hayes, Darren R. (2015). A Practical Guide to Computer
Forensics Investigations. Pearson, 800 East Street, Indianapolis: IN.

Shaaban, Ayman & Sapronov, Konstantin (2016). Practical Windows
Forensics. Packt Publishing Ltd, Birmingham: U.K.

Zoltanszabodfw. (2018). “Digital Forensics is not just HOW but WHY.”
http://articles.forensicfocus.com/2012/07/03/digital-forensics-is-not-just-how-but-why/